The most serious risk associated with the exchange of electronic information on open, unsecured networks, particularly on the Internet, may be that digital data can be easily modified during transfer. Therefore, the demand for more secure transfer systems has increased.
Most of today's transactions on the Internet involve access by the user to files on servers (e.g., on Web servers or mail servers) by activating hyperlinks. On open, unsecured networks, when a user selects and activates hyperlinks from a Web browser, or when a user clicks on the icons of file attachments on received e-mail, it is important to authenticate all linked and attached files prior to using them as intended. Such files may include, but are not limited to, computer programs, text documents, graphics, pictures, audio, video, or other information that is suitable for use within a computer system. Also, when a user selects and activates hyperlinks on open and unsecured networks, it is essential to be sure, not only of the authenticity and the integrity of the received (linked) files, but also that those files have been placed and are being accessed from trustworthy servers and from authenticated network addresses (i.e., from authenticated hyperlinks).
To illustrate these security concerns, if a document includes a hyperlink to an executable file or a software program, the user may wish to ensure, when activating the hyperlink, that the received file has been sent by a trustworthy party prior to exposing his computer system to a program file that might include a “Trojan Horse” or that could infect the user's computer with a virus. Also, when a user on the Internet receives data from a server, it may be necessary to verify that the received data has not been corrupted or otherwise altered in some manner. The receiving user may also need to verify that the data received was actually received from the proper sender, rather than from an impostor.
To improve the security of data transmitted over computer networks, while preventing digital forgeries and impersonations, document authentication and signer authentication safeguards must be used. The standard solution consists of adding a MAC or Message Authentication Code to the transmitted documents. A MAC is a digest computed with a one-way hash function over the document and which depends on a secret key, known only to the sender and the receiver. The MAC allows the receiver to check first that what is received has indeed been originated by the party who shares the secret-key, and second, that the document has not been altered. For example, the Secure Hash Algorithm or SHA specified by the National Institute of Standards and Technologies, NIST, FIPS PUB 180-1, “Secure Hash Standard”, US Department of Commerce, May 1993, produces a 160-bit hash. It may be combined with a key (e.g., through the use of a mechanism referred to as HMAC or Keyed-Hashing for Message Authentication), subject of the RFC (Request For Comment) of the IETF (Internet Engineering Task Force) under the number 2104. HMAC is devised so that it can be used with any iterative cryptographic hash function including SHA. Therefore, a MAC can be appended to the transmitted document so that the whole document can be checked by the recipient.
For authenticating a document that includes a plurality of links to other files, not only the document, but also all the files linked to it must be authenticated. To deal with those very common cases, typically a single MAC is generated by applying a cryptographic hashing algorithm to an aggregate of the document and all linked files. When such an authenticated document and linked files are received, the verification algorithm must also be applied to the same aggregate of the received document and all linked files. However, the process of authenticating and verifying, and/or generating hash functions, places an additional overhead on the sending and receiving computational resources. Particularly, when a user receives a document that contains many hyperlinks to large files, the verification of the aggregate of the received document and all linked files would imply an excessive burden on the receiving computer resources and unacceptable delays on such computer network environments (e.g., if a received document is hyperlinked to one-hundred digital image files, each of them of about one megabyte, assuming that the average verification process takes one second on a personal computer, the user would have to wait for about 100 seconds after receiving the document, for securely accessing the verified files).
The prior art teaches methods for efficiently securing and verifying the authenticity of a plurality of data files, in particular data files intended to be transferred over computer networks. Most methods for verifying the authenticity of groups of data files provide, along with the group of data files, a separate signature file or MAC file. This MAC file includes individual check-values for the data files (e.g., hash-values) as well as a digital signature or a MAC value for the group. The digital signature of the group of files is verified using a computer system. Check-values in the signature file are compared with the corresponding values computed from the data files using the computer system. A typical method for generating a separate signature file for groups of data files is described in U.S. Pat. No. 5,958,051 “Implementing digital signatures for data streams and data archives”, Renaud, et al., which is hereby incorporated herein by reference.
Obviously, methods using checking information in a separate file have the drawback of separating checked information and checking information (i.e., the signature or the MAC file). Therefore, the checking information can be intentionally removed in an attempt to cheat, or can be accidentally lost if intermediate equipment and the communication protocol used to forward electronic documents and data files are not devised to manipulate this extra piece of information. The checking information should then be encoded transparently into the body of the document in a manner that does not affect the readability of the document, and so that the checking information remains intact across the various manipulations it may encounter to on its way to the destination to enable the end-recipient to authenticate the document.
Another approach to authentication which applies well to images consists of hiding data in the digital representation of the images. To meet the above requirement, checking information is merged and hidden in the document itself. The hiding of data has received considerable attention mainly to protect the copyright attached to digital multimedia materials which can easily be copied and distributed everywhere through the Internet and networks in general. A good review of data hiding techniques is described in the publication entitled “Techniques for data hiding” by W. Bender et al., IBM Systems Journal, Vol. 35, Nos. 3 & 4, 1996. The most common form of high bit-rate encoding reported in the preceding publication is the replacement of the least significant luminance bit of image data with the embedded data. This technique is imperceptible (the alteration of the image is not noticeable) and may serve various purposes, similar to authentication. This includes watermarking (aimed at placing an indelible mark on an image) or tamper-proofing (to detect image alterations especially through the embedding of a MAC into the digital image).
In practice, in computing environments where users navigate across files on a network and activate hyperlinks from one file to another, there is no need to verify immediately each received document and all the various files that are hyperlinked to it. What is really needed is a mechanism, when a hyperlink is activated by the user, for verifying the authenticity and integrity of this hyperlink, and the authenticity and integrity of the file associated with this hyperlink. Under these circumstances, it would be advantageous to define an authentication method that associates the checking information of a linked file with the hyperlinked object itself from which the linked file is accessed (and not to the document comprising the hyperlinked object, as is the common practice taught by the prior art, for instance by appending or attaching a MAC file to the document).
To ensure that the linked file is authentic, it is important to receive this file from a trustworthy server (i.e., from an authenticated network address). Therefore, it is advantageous to define an authentication method that associates with the same hyperlinked object, not only the checking information of the linked file, but also the checking information of the network address of the file.
On a document comprising a plurality of hyperlinks, it would be advantageous to define a system and method for authenticating and verifying each individual hyperlink and each linked file. For doing that, checking information must be associated with each hyperlink object (and not with the document that contains the hyperlinked objects). In order not to affect the format and readability of the document, the checking information of each hyperlink must be encoded transparently into the hyperlink object itself. Furthermore, the checking information must remain intact across the various manipulations it encounters on its way to its destination, to enable the end-recipient to verify the authenticity and integrity of the hyperlink and its associated file.
Therefore, there is a need for an efficient system and method for securing and verifying the authenticity and integrity of hyperlinks (i.e., hyperlink network addresses and hyperlinked files), especially hyperlinks intended to be activated on unsecured computer networks.
There is a also a need for a protocol-independent system and method for authenticating hyperlinks, so that the checking information of hyperlinks in a document remains intact across the various manipulations of this document.
There is also a need for a system and method for encoding and embedding the checking information of hyperlinks into the hyperlinks, so that the integrity of the hyperlink network addresses and the integrity of linked files or resources may be checked when these hyperlinks are activated, while preventing the checking information from being lost or separated from the hyperlinks.
In particular, there is a need for a system and method for encoding and embedding the checking information of a hyperlinked graphic object into this hyperlinked graphic object.